Research
-
Atomic Stealer campaign abuses macOS Script Editor in ClickFix variation
A new macOS malware campaign is using Script Editor in a ClickFix-style attack to deliver Atomic Stealer, avoiding Terminal prompts and relying on fake Apple-themed pages that push users to run malicious code.
-
13-year-old ActiveMQ flaw lets attackers run commands remotely
Researchers found a 13-year-old remote code execution flaw in Apache ActiveMQ Classic that can let attackers run commands. The bug affects versions before 5.19.4 and some 6.x releases, and Apache has already released fixes.
-
Masjesu botnet emerges as DDoS-for-hire service targeting IoT devices
Researchers say the Masjesu botnet has been sold as a DDoS-for-hire service since 2023, targeting IoT devices across multiple architectures while using stealth tactics, self-propagation and hard-coded control channels.
-
Russian military hackers target thousands of consumer routers, researchers say
Russian military-linked hackers used tens of thousands of consumer routers in 120 countries to reroute traffic to credential-harvesting sites, researchers said. The campaign targeted older MikroTik and TP-Link devices and used DNS changes to intercept connections.
-
Anthropic launches Project Glasswing to use Claude Mythos for vulnerability hunting
Anthropic launched Project Glasswing to use its Claude Mythos preview model for vulnerability hunting, saying the system found thousands of flaws and can also be powerful enough to aid exploitation.
-
North Korea-linked campaign spreads across five open-source ecosystems
A North Korea-linked campaign has spread malicious packages across five open-source ecosystems, with a technical analysis saying more than 1,700 packages have been linked to the activity since January 2025.
-
US agencies warn of Iranian-linked attacks on internet-facing PLCs
US agencies warned that Iran-linked hackers are targeting internet-facing PLCs in critical infrastructure, including water and energy systems, and have caused display manipulation, device disruption and financial loss in some cases.
-
Docker flaw lets attackers bypass authorization plugins in some setups
Docker disclosed a high-severity flaw in Engine that could let attackers bypass authorization plugins in some setups. The issue, tracked as CVE-2026-34040, was patched in version 29.3.1 and linked to an incomplete fix for an earlier bug.
-
APT28 linked to router hijacking campaign that affected 200 organizations
APT28 has been linked to a campaign that hijacked insecure routers to redirect DNS traffic and steal credentials. The operation affected more than 200 organizations and 5,000 consumer devices, according to Microsoft.
-
Over 1,000 exposed ComfyUI instances targeted in crypto mining botnet campaign
A Censys technical analysis says more than 1,000 exposed ComfyUI instances are being scanned and infected in a campaign that installs crypto miners, a proxy botnet and persistence tools through unsafe custom nodes.
